How to - Securely passing credentials from Attended BOT to unattended BOT

I am a new UiPath developer and trying to solve one challenge.

Here is the scenario

  1. I have a process which takes about 3 hrs to complete from start to finish.
  2. I have to allow user to enter his/her credentials.
  3. I have two options
    • Use attended BOT to prompt for username and password. But during BOT execution user has to wait for 3 hrs for BOT to complete all actions (accessing browsers etc…)
    • Use unattended BOT and get credentials from orchestrator Assets. This doesn’t work as we don’t want to store user credentials and perform unattended jobs.
  4. So I started thinking about a hybrid approach, where user starts attended BOT which prompts for credentials then this BOT will start an attended BOT securely passing the password.
    • The goal is to encrypt password before passing it to Attended BOT, and decrypt it later.

Now the issue I see is

  • Using System.Cryptography I can decrypt to ‘String’ but not to ‘Secure String’. Do we have any workaround for this? I don’t want it to be decrypted to ‘String’.

I am open for any other solutions using which I can pass the user credentials without storing it in Orchestrator to unattended BOT.
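The String-versus-SecureString problem raised in the post above can be sidestepped by decrypting into a byte buffer, decoding to a char array, appending each char to the SecureString, and then clearing both buffers. This is an added example, not code from the original post or from UiPath. It assumes a .NET runtime where `AesGcm` is available (.NET Core 3.0 or later), a 32-byte key already shared between the two robots by some means the thread does not describe, and a hypothetical class name and blob layout.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Text;

public static class CredentialHandoff   // hypothetical name, for illustration only
{
    // Blob layout assumed for this example: nonce (12) | tag (16) | ciphertext.
    const int NonceLen = 12, TagLen = 16;

    // Attended side: encrypt the prompted password without ever building a string.
    public static byte[] Encrypt(byte[] key, char[] password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            byte[] blob = new byte[NonceLen + TagLen + plain.Length];
            RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen)); // fresh nonce per message
            using (var aes = new AesGcm(key))
                aes.Encrypt(blob.AsSpan(0, NonceLen), plain,
                            blob.AsSpan(NonceLen + TagLen), blob.AsSpan(NonceLen, TagLen));
            return blob;
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Unattended side: decrypt straight into a SecureString, no intermediate string.
    public static SecureString DecryptToSecureString(byte[] key, byte[] blob)
    {
        if (blob.Length < NonceLen + TagLen) throw new ArgumentException("blob too short");
        byte[] plain = new byte[blob.Length - NonceLen - TagLen];
        char[] chars = null;
        try
        {
            using (var aes = new AesGcm(key))   // Decrypt throws if the blob was altered
                aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                            blob.AsSpan(NonceLen, TagLen), plain);
            chars = Encoding.UTF8.GetChars(plain);
            var secure = new SecureString();
            foreach (char c in chars) secure.AppendChar(c);
            secure.MakeReadOnly();
            return secure;
        }
        finally
        {   // Zero the transient plaintext copies whether or not decryption succeeded.
            Array.Clear(plain, 0, plain.Length);
            if (chars != null) Array.Clear(chars, 0, chars.Length);
        }
    }
}
```

The plaintext still exists briefly in the `plain` and `chars` buffers before they are cleared, and whatever finally consumes the SecureString has to unwrap it, so this narrows the exposure window rather than removing it.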

We are experiencing a similar situation. Were you able to come up with a solution that worked for your scenario?

@Spulli Any reason why you don’t want to store the creds in Secure Credentials Asset on Orchestrator?

I have a few questions:

  1. Is the user password required for all steps or is there any pre/post work that could be done by an unattended bot?

  2. Is the system internal or external? Are there any concerns with giving a separate login credential to the robot that only has access to perform the automation task?

My company has been creating what we call “service accounts” that serve as a separate username and password to a system. These service accounts have the minimal access to a system to do their task. This way we can do unattended automation without needing user information. These passwords are encrypted in the orchestrator and are regularly changed to minimize risk.